
Frequently Asked Questions

What is Lockbin?
Lockbin is a web application for sending private email messages and files. It's free! People use it to send things like credit card numbers or confidential information.

Is Lockbin HIPAA Compliant?
Lockbin was built with HIPAA regulations as a primary consideration. Lockbin uses FIPS 140-2 encryption libraries and takes extraordinary precautions to protect and destroy EPHI. Learn more about how Lockbin is HIPAA compliant.

Why can't I just use regular email?
You can, but someone might intercept your message. That's why people shouldn't send sensitive information over regular email. Lockbin also ends message persistence, which means your email message will not be backed up on email servers or stored in backup files. Network sniffers can also spy on your email traffic while in transit. Use Lockbin to obscure the content of your message and avoid these hazards to your privacy.

How does it work?
No registration is required to use Lockbin. Your message and file attachments (data at rest) are protected by strong AES-256 encryption provided by a FIPS 140-2 verified crypto library. You invent the password and deliver it to the recipient using a phone, text message, instant message, or homing pigeon. Best practice is to NOT deliver the password by email.

How long does my message stay on your server?
If the recipient clicks the Delete button after viewing the message, it is immediately marked for deletion and is no longer available for retrieval. If the file is read but not marked for deletion, it will be removed within 24 hours; this short delay gives the recipient time to download large files, or to resume interrupted downloads. Uncollected messages are automatically destroyed at six months. Files are deleted in batches using a military grade multi-pass erasure method.

Can you see my message on your server?
No, we cannot see your message. The message is encrypted using your password before it is stored in our server, and the password does not remain on our servers. No unencrypted files are stored on our server. We have no way to decrypt your message, and we can't help you if you forget the password. Although we can see files that are encrypted, we are not able to decipher the files.
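The storage model described in this answer, as an added example that is not Lockbin's code: the page names only AES-256, so PBKDF2-HMAC-SHA256, the iteration count, AES-256-GCM and every function name here are assumptions. The stored record holds a salt, nonce, tag and ciphertext, and opening it requires the password again.

```javascript
// Added illustration, not Lockbin's code. PBKDF2-HMAC-SHA256, the iteration
// count and AES-256-GCM are assumptions; the page names only AES-256.
const nodeCrypto = require('node:crypto');

const KDF_ITERATIONS = 600000; // assumed work factor

// Stretch the sender's password into a 32-byte (256-bit) AES key.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Encrypt and return only what would be written to storage.
// Neither the password nor the derived key is part of the record.
function sealMessage(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16); // per-message salt
  const iv = nodeCrypto.randomBytes(12);   // 96-bit GCM nonce
  const key = deriveKey(password, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // drop the key once the ciphertext exists
  return { salt, iv, tag, ciphertext };
}

// Returns the plaintext, or null when the password is wrong or the
// stored record was modified (the GCM tag check fails in both cases).
function openMessage(password, record) {
  const key = deriveKey(password, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    const plain = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
    return plain.toString('utf8');
  } catch (err) {
    return null;
  } finally {
    key.fill(0);
  }
}

// Constructed sample: the stored fields, and what a wrong password yields.
const sample = sealMessage('constructed sample passphrase', 'constructed sample secret');
console.log(Object.keys(sample), openMessage('wrong guess', sample));
```

Because the key is derived from the password alone, a forgotten password leaves the record unrecoverable, which is the trade-off the answer above describes.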

Is it safe?
Pretty darn safe. Nothing is perfect, and neither is this, but it is certainly safer than sending sensitive data directly through email. The largest threats to this method would be 1) capturing the sender's or recipient's password by spoofing the Lockbin website, or 2) a screen capture virus that images the decrypted message on the recipient's computer, or a keystroke logger.

How do you make money? Will you sell my email address and spam me?
We absolutely will not spam nor voluntarily share any information about our users. If we did, no one would use Lockbin. We make money by providing subscriptions to an advanced tier of services, and by consulting with companies who are interested in leasing a Lockbin server.

I am a spy. Can I use Lockbin to send stolen secrets back to the motherland?
No. Lockbin must only be used for legal purposes.

Where can I learn more about protecting my privacy on the internet?
Your privacy is a big deal. That's why we support the Electronic Frontier Foundation, both morally and financially. Visit them at Tell them Lockbin sent you. Some other projects we find interesting include (anonymous web browsing), (IM), and EFF's project to encrypt the web, There are many other worthwhile projects, but these are good places to begin.

Is AES-256 Encryption Strong?
If you use a strong password it is. AES-256 is not known to have been cracked through brute force. It's been said by people smarter than us that it would take a 4 GHz computer 4.5865*10^59 years to search just half the key space; most scientists believe the universe will cease to exist long before that happens.
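Why the answer is conditional on a strong password, as an added example that is not from Lockbin: it reproduces the 4.5865*10^59 figure under the assumption of one guess per clock cycle at 4 GHz and a 365.25-day year, then applies the same arithmetic to password spaces. The sample password shapes and function names are constructed for illustration, and a real key-derivation function would lower the guess rate.

```javascript
// Added illustration. Assumptions: one guess per clock cycle at 4 GHz,
// a 365.25-day year, and passwords chosen uniformly at random.
const SECONDS_PER_YEAR = 365.25 * 24 * 3600;
const GUESSES_PER_SECOND = 4e9;

// Years needed to search half of a space of 2^bits equally likely values.
function yearsToSearchHalf(bits, rate = GUESSES_PER_SECOND) {
  return Math.pow(2, bits - 1) / rate / SECONDS_PER_YEAR;
}

// Size, in bits, of the space of random passwords of a given shape.
function passwordBits(alphabetSize, length) {
  return length * Math.log2(alphabetSize);
}

// Shortest random password whose space is at least as large as the key space.
function lengthForBits(alphabetSize, keyBits = 256) {
  return Math.ceil(keyBits / Math.log2(alphabetSize));
}

// Constructed comparison: the full key space next to typical password spaces.
function searchTable() {
  const shapes = [
    ['AES-256 key', 256],
    ['8 lowercase letters', passwordBits(26, 8)],
    ['12 printable ASCII characters', passwordBits(95, 12)],
    ['6 words from a 7776-word list', passwordBits(7776, 6)],
  ];
  return shapes.map(([label, bits]) => ({
    label,
    bits: Math.round(bits * 10) / 10,
    years: yearsToSearchHalf(bits).toPrecision(5),
  }));
}

console.table(searchTable());
console.log('printable-ASCII length matching 256 bits:', lengthForBits(95));
```

An attacker searches the password space, not the key space, so the effective strength is the smaller of the two.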

Can I use Lockbin on my mobile?
We have a low bandwidth version of Lockbin at It seems less necessary today in the age of smart phones, since many mobile users are able to use the full site now, but you're welcome to use it.

Do you backup my files and messages?
Files and messages uploaded to are first encrypted as they are streamed to the primary storage disks. They are never stored in an unencrypted state. The encrypted files are then mirrored to our backup server facility. We do not retain a backup of files which our users have removed or which have not been retrieved within six months.

Will you comply with police demands to turn over my messages?
All data is stored within the United States. As a U.S. company, we are obligated to comply with legal court orders asking for information. If legally demanded, we must supply your encrypted documents and metadata to investigators. Lockbin does not have a back door and so we are unable to supply decryption keys for your documents.

I don't feel comfortable hosting my data in the U.S.
Many people have expressed this sentiment to us recently, especially our friends in Europe. We are currently looking for partners in France, Germany, the U.K., the Netherlands and other countries who would be willing to work with us to set up and manage locally hosted versions of Lockbin. We will keep you posted as our localization project continues. Should we take on local partners, you will see them announced here; if they are not listed here, they are not genuine.

Has the NSA tapped your servers?
Since publication of news that some U.S. companies have provided direct access to their servers to the government, we have fielded questions like this many times. As of this week, no government authority has demanded access to our servers, nor have we been asked to accommodate any government surveillance of Lockbin users. If the time comes when such a demand is made, we would likely be prevented from telling you about it. However, we could not in good conscience continue to publicly maintain this claim, as we are doing right now.


Lockbin FIPS version 3.0 © 2006-2014 All Rights Reserved.